General

Target: a56f2c00bb7df3178df39286b9c96918_JaffaCakes118
Size: 136KB
Sample (analysis ID): 240818-fc8hrawdkg
MD5: a56f2c00bb7df3178df39286b9c96918
SHA1: 9c1b5b9d07d843115538406f6498e426c5da61e1
SHA256: 7ba3610a9857322aeb9ba722dff5ba2c69f2648e2dd1e3d0276d95f8b569fbb6
SHA512: 531e0e949e25e8b76dba659b011816891ab2e41d40ef1be213a63943f433814b53388b4481312cb3c6d0ce06e2d3e1900e2e9148ec791834da051ed7f6cef401
SSDEEP: 1536:8UprooPQnepMYSNgIAXnqovYiGAD9KQ1/Onfp27IM70:54wSzuq4HD9R1/W+t0
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: a56f2c00bb7df3178df39286b9c96918_JaffaCakes118.exe
Resource (sandbox VM image): win7-20240704-en
Malware Config

Targets

Target: a56f2c00bb7df3178df39286b9c96918_JaffaCakes118 (136KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
Signatures

Detect XtremeRAT payload
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. The mechanism is a subkey of HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID} whose StubPath value is executed once per user at logon (when the matching HKCU component entry is missing or has a lower Version), so the payload is re-launched for every account that signs in.

Adds Run key to start application
This refers to a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run (or RunOnce), which Explorer executes at every logon of the affected user or of all users respectively.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread in another (typically suspended) process is the hallmark of process hollowing / RunPE-style code injection. The signature alone shows that injection was attempted; which host process received the payload has to be taken from the behavioral task's process tree.
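The two persistence signatures above are the kind a responder checks for on a suspect Windows host by exporting the relevant hives and reading them offline. The following is an added example, not code from the sandbox or from the XtremeRAT sample: it parses a Windows .reg export (the format `reg export` writes) and reports every Active Setup StubPath and every Run/RunOnce value, flagging commands whose executable lives outside the Windows and Program Files directories. The registry text, GUIDs, file names and the `victim` user name are constructed for illustration and are not indicators from this report.

```python
"""Triage Active Setup and Run-key persistence from a .reg export (added example)."""
import re
from dataclasses import dataclass

# Constructed sample standing in for the output of
#   reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" as.reg
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
# GUIDs, paths and value names are made up; the first component mimics a
# stock Windows entry (regsvr32 with no directory) to show a non-flagged case.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
@="Example Shell Component"
"StubPath"="regsvr32.exe /s /n /i:U shell32.dll"
"Version"="10,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-1111-2222-333344445555}]
"StubPath"="C:\\Users\\Public\\Libraries\\update.exe -s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\ExampleVendor\\Updater.exe\" /background"
"HKCU"="C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\update.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Windows\\System32\\cmd.exe /c del C:\\Temp\\x.tmp"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"=data  or  @=data ; the name may contain escaped quotes
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')
ACTIVE_SETUP_RE = re.compile(r'\\Active Setup\\Installed Components\\', re.I)
RUN_KEY_RE = re.compile(r'\\Windows\\CurrentVersion\\(Run|RunOnce)$', re.I)
# Lower-cased directory prefixes treated as expected locations for autostart binaries.
TRUSTED_DIRS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


def _unescape(s: str) -> str:
    """.reg string data escapes backslash and double quote with a backslash."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: string_data}}; only REG_SZ ("...") data is kept,
    hex:/dword: values are ignored because autostart commands are strings."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(('Windows Registry Editor', ';')):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '(Default)' if m.group(1) == '@' else _unescape(m.group(2))
            data = m.group(3)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                keys[current][name] = _unescape(data[1:-1])
    return keys


@dataclass
class Finding:
    technique: str        # ATT&CK sub-technique the registry location maps to
    key: str
    value_name: str
    command: str
    unusual_location: bool


def _executable(command: str) -> str:
    """Program path of a command line: the quoted token, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(' ', 1)[0]


def _is_unusual(command: str) -> bool:
    exe = _executable(command).lower()
    if '\\' not in exe:          # bare name (e.g. regsvr32.exe): resolved via PATH, not judged here
        return False
    return not exe.startswith(TRUSTED_DIRS)


def find_autostarts(keys: dict) -> list:
    """Map parsed keys to Active Setup (T1547.014) and Run-key (T1547.001) findings."""
    findings = []
    for key, values in keys.items():
        if ACTIVE_SETUP_RE.search(key):
            stub = values.get('StubPath')
            if stub:
                findings.append(Finding('T1547.014 Active Setup', key, 'StubPath', stub, _is_unusual(stub)))
        elif RUN_KEY_RE.search(key):
            for name, cmd in values.items():
                findings.append(Finding('T1547.001 Registry Run Keys', key, name, cmd, _is_unusual(cmd)))
    return findings


if __name__ == '__main__':
    for f in find_autostarts(parse_reg(SAMPLE_REG)):
        flag = 'UNUSUAL' if f.unusual_location else 'ok     '
        print(f'{flag} {f.technique:<28} {f.value_name:<10} {f.command}')
```

On a real host export both HKLM and HKCU Run/RunOnce, and for Active Setup also the Wow6432Node copy on 64-bit Windows; the location heuristic is deliberately coarse (a signed binary in Program Files can still be a proxy for malicious code), so treat it as a sort order for analyst review rather than a verdict.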
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Active Setup (T1547.014): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Active Setup (T1547.014): 1
    Registry Run Keys / Startup Folder (T1547.001): 1